In September of 2013, news surfaced that the National Security Agency (NSA) entered a one year contract with the French security firm VUPEN, for a one-year subscription to the company’s “binary analysis and exploits service”.
According to their website:
“VUPEN is the leading provider of defensive and offensive cyber security intelligence and advanced vulnerability research. While other companies in the vulnerability intelligence industry mainly act as brokers who buy vulnerabilities from third-party researchers and then sell them to their customers, all VUPEN’s vulnerability intelligence results exclusively from our internal and in-house research efforts conducted by our team of world-class researchers.”
With this news, I filed a FOIA request for ALL current contracts between VUPEN and the NSA. Below are the responsive documents — many declassified for the first time on this request.
NSA Contracts with VUPEN, released October 2013 [31 Pages, 6.99MB]